Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Ellen (administrator) on ELLEN (22-09-2015 23:18:41)
Running from C:\Users\Ellen\Downloads
Loaded Profiles: Ellen (Available Profiles: Ellen)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-09-05] (Synaptics Incorporated)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [GoogleChromeAutoLaunch_471C568578175D6DF77F6D2460619B03] => C:\Users\Ellen\AppData\Local\Chromium\Application\chrome.exe [659456 2015-06-03] (The Chromium Authors)
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [DeskBar] => C:\Users\Ellen\AppData\Local\DeskBar\dblaunch.exe
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [WindApp] => "C:\Users\Ellen\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [Selection Tools] => "C:\Users\Ellen\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-09-05]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2015-09-06]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File 
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1f21256c-c0c0-44b7-8705-34fd31675558}: [NameServer] 82.163.143.162,82.163.142.164
Tcpip\..\Interfaces\{3c73f8f1-b698-4483-a693-14640e8d8390}: [NameServer] 82.163.143.162,82.163.142.164
Tcpip\..\Interfaces\{3c73f8f1-b698-4483-a693-14640e8d8390}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dacca030-eed5-46f1-a5eb-3f1233dd7bab}: [NameServer] 82.163.143.162,82.163.142.164

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=55&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&SSPV=SP30500TA_sp_ie
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0CzzyE0DyBtB0EtGtBtC0FzztGyEtBzy0BtGzztCtAzztG0C0EzyyC0AyBtDtDtByC0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE%26cr%3D574011361%26a%3Dwny_ir_15_36%26os%3DWindows 10 Home&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=58&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&q={searchTerms}&SSPV=SP30500TA_sp_ie
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e,
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {D5CA0909-CFE8-46C8-B7B9-D1F914CBBCE5} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0CzzyE0DyBtB0EtGtBtC0FzztGyEtBzy0BtGzztCtAzztG0C0EzyyC0AyBtDtDtByC0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE%26cr%3D574011361%26a%3Dwny_ir_15_36%26os%3DWindows 10 Home&p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\5hxdje8y.default
FF DefaultSearchEngine: Search Module
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF user.js: detected! => C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\5hxdje8y.default\user.js [2015-09-11]
FF HKLM\...\Firefox\Extensions: [{F32A482A-6E3F-43A1-81CA-064F3BDFF190}] - C:\Program Files\groover080920151225\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F32A482A-6E3F-43A1-81CA-064F3BDFF190}] - C:\Program Files\groover080920151225\Firefox

Chrome: 
=======
CHR HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-09-05] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 Update Super Great; "C:\Program Files (x86)\Super Great\updateSuperGreat.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-09-08] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows (R) Win 7 DDK provider)
R1 ppfd_vw_1_10_0_24; C:\Windows\System32\drivers\ppfd_vw_1_10_0_24.sys [57744 2015-09-02] (PhraseProfessor)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-03-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [44192 2015-09-05] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R1 {ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64; C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys [48744 2015-09-05] (StdLib)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 23:18 - 2015-09-22 23:19 - 00014101 _____ C:\Users\Ellen\Downloads\FRST.txt
2015-09-22 23:16 - 2015-09-22 23:18 - 00000000 ____D C:\FRST
2015-09-22 23:15 - 2015-09-22 23:16 - 02191360 _____ (Farbar) C:\Users\Ellen\Downloads\FRST64.exe
2015-09-22 23:15 - 2015-09-22 23:15 - 01695232 _____ (Farbar) C:\Users\Ellen\Downloads\FRST.exe
2015-09-22 23:09 - 2015-09-22 23:09 - 00016148 _____ C:\WINDOWS\system32\ELLEN_Ellen_HistoryPrediction.bin
2015-09-21 20:35 - 2015-09-21 20:35 - 00000103 _____ C:\WINDOWS\setupact.log
2015-09-21 20:35 - 2015-09-21 20:35 - 00000000 ____D C:\Program Files\Realtek
2015-09-21 20:35 - 2015-09-21 20:35 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-21 20:34 - 2015-09-21 20:34 - 72121872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-09-21 20:34 - 2015-09-21 20:34 - 36778882 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-09-21 20:34 - 2015-09-21 20:34 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2015-09-21 20:34 - 2015-09-21 20:34 - 04598528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-09-21 20:34 - 2015-09-21 20:34 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 03232448 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 02965632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 02927872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 02711296 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-09-21 20:34 - 2015-09-21 20:34 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01758976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01331336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01211840 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01164336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 01122648 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00965032 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00961024 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00923752 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00888480 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00873472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00749776 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00645464 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00618192 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00596120 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00574248 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00447728 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00259288 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00195192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00172584 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00164432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00158704 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00084624 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2015-09-21 20:34 - 2015-09-21 20:34 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-09-19 20:53 - 2015-09-19 20:53 - 02012464 _____ C:\Users\Ellen\Downloads\Adaware_Installer.exe
2015-09-19 20:53 - 2015-09-19 20:53 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-19 00:17 - 2015-09-19 21:48 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-19 00:17 - 2015-09-19 00:17 - 00000000 ____D C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0
2015-09-19 00:16 - 2015-09-19 00:17 - 06383209 _____ C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0.zip
2015-09-18 23:18 - 2015-09-18 23:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ellen\Downloads\.exe.exe
2015-09-18 23:10 - 2015-09-18 23:11 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ellen\Downloads\SpyHunter-Installer.exe
2015-09-18 23:02 - 2015-09-18 23:02 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-18 23:02 - 2015-09-18 23:02 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-18 23:02 - 2015-09-18 23:02 - 00000000 ____D C:\Program Files\CCleaner
2015-09-18 23:00 - 2015-09-18 23:01 - 06667640 _____ (Piriform Ltd) C:\Users\Ellen\Downloads\ccsetup509.exe
2015-09-17 12:39 - 2015-09-17 12:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-09-17 12:27 - 2015-09-17 12:28 - 04902832 _____ (VAPC (Lux) S.a.r.L) C:\Users\Ellen\Downloads\wzro32.exe
2015-09-17 12:20 - 2015-09-17 12:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-17 00:23 - 2015-09-17 00:28 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-17 00:23 - 2015-09-17 00:23 - 00929872 _____ (Google Inc.) C:\Users\Ellen\Downloads\ChromeSetup.exe
2015-09-17 00:23 - 2015-09-17 00:23 - 00000000 ____D C:\Users\Ellen\AppData\Local\Google
2015-09-17 00:22 - 2015-09-17 00:22 - 00242600 _____ C:\Users\Ellen\Downloads\Firefox Setup Stub 40.0.3 (2).exe
2015-09-17 00:16 - 2015-09-17 00:16 - 00242752 _____ C:\Users\Ellen\Downloads\Firefox Setup Stub 40.0.3 (1).exe
2015-09-13 12:44 - 2015-09-13 12:44 - 00000000 ____D C:\Users\Ellen\AppData\Local\Publishers
2015-09-12 00:13 - 2015-09-12 17:11 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Apple Computer
2015-09-12 00:13 - 2015-09-12 00:13 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-12 00:13 - 2015-09-12 00:13 - 00000000 ____D C:\Users\Ellen\AppData\Local\Apple Computer
2015-09-12 00:13 - 2015-09-12 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-12 00:12 - 2015-09-12 00:13 - 00000000 ____D C:\Program Files\iTunes
2015-09-12 00:12 - 2015-09-12 00:12 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-12 00:12 - 2015-09-12 00:12 - 00000000 ____D C:\Program Files\iPod
2015-09-12 00:12 - 2015-09-12 00:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-12 00:11 - 2015-09-12 00:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-12 00:11 - 2015-09-12 00:11 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-12 00:11 - 2015-09-12 00:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-12 00:11 - 2015-09-12 00:11 - 00000000 ____D C:\Users\Ellen\AppData\Local\Apple
2015-09-12 00:11 - 2015-09-12 00:11 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-12 00:10 - 2015-09-12 00:11 - 00000000 ____D C:\ProgramData\Apple
2015-09-11 22:34 - 2015-09-11 22:40 - 155835672 _____ (Apple Inc.) C:\Users\Ellen\Downloads\iTunes6464Setup.exe
2015-09-11 21:25 - 2015-09-11 21:25 - 00004086 _____ C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-09-10 21:18 - 2015-09-10 21:18 - 00000000 ____D C:\Users\Ellen\AppData\Local\NetworkTiles
2015-09-10 18:10 - 2015-09-21 22:10 - 00000276 _____ C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
2015-09-10 18:10 - 2015-09-10 18:10 - 00003234 _____ C:\WINDOWS\System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}
2015-09-10 18:04 - 2015-09-19 21:35 - 00000000 ____D C:\Users\Ellen\AppData\Local\VirtualStore
2015-09-10 17:51 - 2015-09-11 22:01 - 00000000 ____D C:\Users\Ellen\AppData\Local\Canon_INC
2015-09-10 16:50 - 2015-09-10 16:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-09-10 16:06 - 2015-09-10 16:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-10 16:06 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-09-10 15:53 - 2015-09-10 15:54 - 00000909 _____ C:\WINDOWS\SysWOW64\${LOGFILE}
2015-09-10 15:35 - 2015-09-10 15:44 - 00000000 ____D C:\Users\Ellen\AppData\Local\Mozilla
2015-09-10 15:35 - 2015-09-10 15:35 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Mozilla
2015-09-10 15:31 - 2015-09-10 15:32 - 00242752 _____ C:\Users\Ellen\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-10 15:29 - 2015-09-16 22:39 - 00000000 ____D C:\Users\Ellen\AppData\Local\MicrosoftEdge
2015-09-10 15:26 - 2015-09-10 15:30 - 00000000 ____D C:\Program Files (x86)\baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\ProgramData\Baidu
2015-09-08 23:51 - 2015-07-05 11:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-09-08 23:48 - 2015-09-10 18:09 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\WTools
2015-09-08 23:48 - 2015-09-10 15:58 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Store
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\WindApp.installation.log
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\Selection Tools.installation.log
2015-09-08 23:47 - 2015-09-10 15:54 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Nosibay
2015-09-08 23:47 - 2015-09-08 23:49 - 00001309 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.boostrap.log
2015-09-08 23:47 - 2015-09-08 23:48 - 00005713 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.installation.log
2015-09-08 23:47 - 2015-09-08 23:47 - 00000097 _____ C:\Users\Ellen\AppData\Roaming\WindApp.boostrap.log
2015-09-08 23:40 - 2015-09-15 17:12 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-08 23:40 - 2015-09-15 17:12 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-08 22:06 - 2015-09-08 22:06 - 00000000 ___RD C:\Users\Ellen\3D Objects
2015-09-08 21:53 - 2015-09-08 21:53 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-09-08 21:51 - 2015-09-10 17:53 - 00004760 _____ C:\WINDOWS\SysWOW64\Haedyanurv.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\SysWOW64\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\system32\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-08 21:51 - 00003686 _____ C:\WINDOWS\System32\Tasks\BAUpd
2015-09-08 21:51 - 2015-09-08 21:51 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-09-08 21:51 - 2015-09-08 10:28 - 00353608 _____ C:\WINDOWS\system32\Haedyanurv64.dll
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\WINDOWS\system32\ebon
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\ortmp
2015-09-08 21:49 - 2015-09-10 18:06 - 00000000 ____D C:\Program Files\groover080920151225
2015-09-08 21:49 - 2015-09-08 21:49 - 00000045 _____ C:\user.js
2015-09-08 21:49 - 2015-08-20 11:46 - 00056736 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-09-08 21:48 - 2015-09-10 17:52 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-09-08 21:48 - 2015-09-10 15:29 - 00000000 ____D C:\Program Files\WebBar
2015-09-08 21:48 - 2015-09-08 21:48 - 00000000 ____D C:\ProgramData\SearchModule
2015-09-06 03:21 - 2015-09-18 23:07 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-06 03:20 - 2015-09-05 20:31 - 00000000 ____D C:\Windows.old
2015-09-06 03:15 - 2015-09-06 03:15 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-09-06 03:15 - 2015-09-06 03:15 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-09-06 03:13 - 2015-09-06 03:13 - 00000000 ____D C:\Program Files\Synaptics
2015-09-06 03:12 - 2015-09-06 03:12 - 00000000 ____D C:\WINDOWS\Setup
2015-09-06 03:11 - 2015-09-06 03:11 - 00000000 ____D C:\WINDOWS\OCR
2015-09-06 03:11 - 2015-09-06 03:11 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-09-06 03:11 - 2015-09-06 03:11 - 00000000 ____D C:\Program Files\MSBuild
2015-09-06 03:11 - 2015-09-06 03:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-09-06 03:11 - 2015-09-06 03:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\0409
2015-09-06 03:09 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-09-06 03:03 - 2015-09-22 23:09 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-06 03:03 - 2015-09-22 16:56 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-06 03:03 - 2015-09-17 00:11 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-06 03:03 - 2015-09-16 22:43 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-06 03:03 - 2015-09-11 22:34 - 00000000 ____D C:\WINDOWS\rescache
2015-09-06 03:03 - 2015-09-09 01:03 - 00000194 _____ C:\WINDOWS\win.ini
2015-09-06 03:03 - 2015-09-08 23:37 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-06 03:03 - 2015-09-08 23:37 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-06 03:03 - 2015-09-08 23:37 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-09-06 03:03 - 2015-09-08 23:37 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-06 03:03 - 2015-09-08 23:36 - 00000000 ____D C:\WINDOWS\Provisioning
2015-09-06 03:03 - 2015-09-08 22:08 - 00000000 ____D C:\WINDOWS\system32\restore
2015-09-06 03:03 - 2015-09-06 21:46 - 00000000 ____D C:\WINDOWS\appcompat
2015-09-06 03:03 - 2015-09-06 03:21 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\setup
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\system32\Com
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\IME
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\Help
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-09-06 03:03 - 2015-09-06 03:09 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-06 03:03 - 2015-09-06 03:04 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-09-06 03:03 - 2015-09-06 03:04 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 __RSD C:\WINDOWS\Media
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___SD C:\Program Files\WindowsPowerShell
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Web
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Vss
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\tracing
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\TAPI
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SystemResources
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\spp
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\RasToast
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\ras
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\IME
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\ias
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system\Speech
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\System
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Speech
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SKB
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\ShellNew
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\security
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\schemas
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\SchCache
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Resources
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Registration
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\PLA
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Performance
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\InputMethod
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Globalization
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Cursors
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\Branding
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\addins
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\ProgramData\Comms
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Program Files\Windows NT
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Program Files\Common Files\Services
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-09-06 03:03 - 2015-09-06 03:03 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-09-06 03:03 - 2015-09-06 03:00 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-09-06 03:03 - 2015-09-06 03:00 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-09-06 03:03 - 2015-09-06 03:00 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-09-06 03:03 - 2015-09-06 03:00 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-09-06 03:03 - 2015-09-06 03:00 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-09-06 03:03 - 2015-09-06 03:00 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-09-06 03:03 - 2015-09-06 03:00 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-09-06 03:03 - 2015-09-06 03:00 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-09-06 03:03 - 2015-09-06 03:00 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-09-06 03:03 - 2015-09-06 03:00 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-09-06 03:03 - 2015-09-06 03:00 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-09-06 03:03 - 2015-09-06 03:00 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-09-06 03:03 - 2015-09-06 03:00 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-09-06 03:03 - 2015-09-06 03:00 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-09-06 03:03 - 2015-09-06 03:00 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-09-06 03:03 - 2015-09-06 03:00 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-09-06 03:03 - 2015-09-06 03:00 - 00000219 _____ C:\WINDOWS\system.ini
2015-09-06 03:03 - 2015-09-05 23:56 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-09-06 03:03 - 2015-09-05 23:56 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-09-06 03:03 - 2015-09-05 20:10 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-09-06 03:03 - 2015-09-05 20:10 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-09-06 03:03 - 2015-09-05 18:38 - 00000000 ____D C:\WINDOWS\system32\spool
2015-09-06 03:03 - 2015-09-05 18:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-06 03:03 - 2015-09-05 18:37 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-09-06 03:03 - 2015-09-05 18:37 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-09-06 03:03 - 2015-09-05 18:33 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-09-06 03:03 - 2015-09-05 18:28 - 00000000 ____D C:\ProgramData\USOPrivate
2015-09-06 02:53 - 2015-09-21 20:35 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-06 02:44 - 2015-09-17 00:11 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-06 02:44 - 2015-09-17 00:09 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-06 02:44 - 2015-09-06 03:09 - 00000000 ____D C:\WINDOWS\servicing
2015-09-06 02:44 - 2015-09-06 03:03 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-09-06 02:44 - 2015-09-05 18:39 - 00000000 __RHD C:\Users\Default
2015-09-06 02:44 - 2015-07-10 10:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-09-06 02:43 - 2015-09-05 20:26 - 00000000 ___HD C:\$SysReset
2015-09-06 00:59 - 2015-09-06 00:59 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\ZoomBrowser EX
2015-09-06 00:56 - 2015-09-08 21:56 - 00000094 _____ C:\Users\Ellen\AppData\Roaming\WB.CFG
2015-09-06 00:41 - 2015-09-06 00:45 - 124644565 _____ C:\Users\Ellen\Downloads\IBXW_INST_1_4_0_5_U01_9L.zip
2015-09-06 00:35 - 2015-09-06 00:35 - 00001274 _____ C:\Users\Public\Desktop\Picture Style Editor.lnk
2015-09-06 00:31 - 2015-09-06 00:34 - 84805976 _____ (CANON INC.) C:\Users\Ellen\Downloads\psew11410.exe
2015-09-06 00:12 - 2015-09-06 00:12 - 00001373 _____ C:\Users\Public\Desktop\ZoomBrowser EX.lnk
2015-09-06 00:12 - 2015-09-06 00:12 - 00000000 ____D C:\ProgramData\ZoomBrowser
2015-09-06 00:06 - 2015-09-08 23:28 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ED9EB284-9B38-451B-950F-AAEA9248BC39}
2015-09-06 00:05 - 2015-09-05 10:23 - 00048744 _____ (StdLib) C:\WINDOWS\system32\Drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys
2015-09-06 00:03 - 2015-09-10 18:10 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-09-06 00:03 - 2015-09-06 00:03 - 38224377 _____ C:\Users\Ellen\Downloads\zbx-upd-6-9-0a-1-u01-e.zip
2015-09-06 00:03 - 2015-09-06 00:03 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-09-06 00:03 - 2015-09-06 00:03 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\0U1E1Q1T2Z1P0S2Z1T1C
2015-09-06 00:02 - 2015-09-06 00:02 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-09-06 00:00 - 2015-09-06 00:01 - 00911160 _____ (Application ) C:\Users\Ellen\Downloads\canon-utilities-zoombrowser-ex.exe
2015-09-05 23:59 - 2015-09-10 15:28 - 00000000 ____D C:\Users\Ellen\AppData\Local\Chromium
2015-09-05 23:56 - 2015-09-22 16:56 - 00000282 _____ C:\WINDOWS\Tasks\Tny_Cassiopesa.job
2015-09-05 23:56 - 2015-09-11 21:35 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v57.1978
2015-09-05 23:56 - 2015-09-10 18:13 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-09-05 23:56 - 2015-09-05 23:56 - 00002774 _____ C:\WINDOWS\System32\Tasks\Tny_Cassiopesa
2015-09-05 23:56 - 2015-09-05 23:56 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-05 23:56 - 2015-09-05 23:56 - 00000008 _____ C:\END
2015-09-05 23:55 - 2015-09-05 23:55 - 00708744 _____ (UQMJI) C:\Users\Ellen\Downloads\ZoomBrowser EX Updater.exe
2015-09-05 23:53 - 2015-09-05 23:53 - 00001144 _____ C:\Users\Public\Desktop\EOS Utility.lnk
2015-09-05 23:47 - 2015-09-05 23:51 - 99114785 _____ C:\Users\Ellen\Downloads\euw2.14.20-updater (1).zip
2015-09-05 22:18 - 2015-09-05 22:18 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-05 22:15 - 2015-09-05 22:15 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\CANON INC
2015-09-05 21:45 - 2015-09-05 21:45 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Canon_Inc_IC
2015-09-05 21:45 - 2015-09-05 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-05 21:44 - 2015-09-05 21:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-05 21:33 - 2015-09-05 21:33 - 00001209 _____ C:\Users\Public\Desktop\Digital Photo Professional.lnk
2015-09-05 21:32 - 2015-09-05 21:32 - 00000000 ____D C:\Users\Public\Documents\Canon MyCameraFiles
2015-09-05 21:31 - 2015-09-06 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-09-05 21:31 - 2015-09-06 00:35 - 00000000 ____D C:\Program Files (x86)\Canon
2015-09-05 21:30 - 2015-09-05 21:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-09-05 21:28 - 2015-09-05 22:36 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\canon
2015-09-05 21:28 - 2015-09-05 21:28 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2015-09-05 21:03 - 2015-09-05 21:03 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Macromedia
2015-09-05 20:13 - 2015-09-05 20:13 - 00002338 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-05 20:12 - 2015-09-05 20:12 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-05 20:11 - 2015-09-10 18:08 - 00000000 ____D C:\Users\Ellen\AppData\Local\Comms
2015-09-05 20:09 - 2015-09-19 13:27 - 00000000 ____D C:\Users\Ellen\AppData\Local\Packages
2015-09-05 20:09 - 2015-09-05 20:09 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-05 20:09 - 2015-09-05 20:09 - 00000020 ___SH C:\Users\Ellen\ntuser.ini
2015-09-05 20:09 - 2015-09-05 20:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-09-05 20:09 - 2015-09-05 20:09 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Adobe
2015-09-05 20:09 - 2015-09-05 20:09 - 00000000 ____D C:\Users\Ellen\AppData\Local\TileDataLayer
2015-09-05 18:47 - 2015-09-05 18:47 - 00770720 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-09-05 18:47 - 2015-09-05 18:47 - 00422048 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-09-05 18:47 - 2015-09-05 18:47 - 00270496 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-09-05 18:47 - 2015-09-05 18:47 - 00267936 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo35.dll
2015-09-05 18:47 - 2015-09-05 18:47 - 00044192 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-09-05 18:47 - 2015-09-05 18:47 - 00043680 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-09-05 18:39 - 2015-09-19 00:27 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-05 18:36 - 2015-09-19 13:27 - 00000000 ___RD C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 18:36 - 2015-09-11 21:52 - 00000000 ____D C:\Users\Ellen
2015-09-05 18:36 - 2015-09-06 03:04 - 00000000 __RSD C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-09-05 18:36 - 2015-09-06 03:03 - 00000000 ___RD C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-05 18:36 - 2015-09-06 03:03 - 00000000 ___RD C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-05 18:36 - 2015-09-06 03:03 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-05 18:29 - 2015-09-21 20:35 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-09-05 18:29 - 2015-09-05 18:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-09-05 18:29 - 2015-09-05 18:29 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-09-05 18:29 - 2015-09-05 18:29 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-09-05 18:28 - 2015-09-05 18:28 - 00000000 ____D C:\ProgramData\USOShared
2015-09-05 18:28 - 2015-09-05 18:28 - 00000000 ____D C:\Program Files\Intel
2015-09-05 18:28 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-09-05 18:28 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-09-05 18:27 - 2015-09-05 18:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-09-05 18:27 - 2015-07-10 11:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-09-05 18:24 - 2015-09-17 00:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-05 18:23 - 2015-09-08 23:39 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-02 21:10 - 2015-09-02 21:10 - 00057744 _____ (PhraseProfessor) C:\WINDOWS\system32\Drivers\ppfd_vw_1_10_0_24.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 21:50 - 2015-07-10 12:00 - 00680256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-09-08 21:50 - 2015-07-10 12:00 - 00534064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-09-06 03:20 - 2015-08-21 06:44 - 00000000 __SHD C:\Recovery
2015-09-05 20:13 - 2015-07-08 23:30 - 00000000 ___RD C:\Users\Ellen\OneDrive
2015-09-05 18:47 - 2015-08-20 22:30 - 01806192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-09-05 18:47 - 2015-08-20 22:30 - 00630944 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-09-05 18:47 - 2013-03-14 22:11 - 00044192 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys

==================== Files in the root of some directories =======

2015-09-08 23:47 - 2015-09-08 23:49 - 0001309 _____ () C:\Users\Ellen\AppData\Roaming\Bubble Dock.boostrap.log
2015-09-08 23:47 - 2015-09-08 23:48 - 0005713 _____ () C:\Users\Ellen\AppData\Roaming\Bubble Dock.installation.log
2015-09-08 23:48 - 2015-09-08 23:48 - 0000078 _____ () C:\Users\Ellen\AppData\Roaming\Selection Tools.installation.log
2015-09-06 00:56 - 2015-09-08 21:56 - 0000094 _____ () C:\Users\Ellen\AppData\Roaming\WB.CFG
2015-09-08 23:47 - 2015-09-08 23:47 - 0000097 _____ () C:\Users\Ellen\AppData\Roaming\WindApp.boostrap.log
2015-09-08 23:48 - 2015-09-08 23:48 - 0000078 _____ () C:\Users\Ellen\AppData\Roaming\WindApp.installation.log
2015-09-05 18:29 - 2015-09-05 18:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 12:00] - [2015-09-08 21:50] - 0680256 ____A (Microsoft Corporation) 72318557AD8FE998C6B71DD12FC4B81E

C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 12:00] - [2015-09-08 21:50] - 0534064 ____A (Microsoft Corporation) 800B562764B22080CC59CF4E5EAA3CB6

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-21 21:59

==================== End of FRST.txt ============================